jboss EAP 6中的数据源加密 [英] Datasource encryption in jboss eap 6
问题描述
我对数据源进行了如下加密:
I have encrypted the datasource as follows:
Standalone.xml:
Standalone.xml:
<datasource jndi-name="java:/OracleDS" pool-name="OracleDS" enabled="true">
<connection-url>jdbc:oracle:thin:@abc.com:1001:DEV1</connection-url>
<driver>oracle</driver>
<security>
<security-domain>encrypted-ds</security-domain>
</security>
<validation>
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<validate-on-match>true</validate-on-match>
<background-validation>false</background-validation>
<stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
</validation>
</datasource>
->在security-domains标记中添加了安全域:
->added the security-domain in security-domains tag:
<security-domain name="encrypted-ds" cache-type="default">
<authentication>
<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username" value="308c162f7c2ec7f"/>
<module-option name="password" value="308c162f7c2ec7f"/>
<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=OracleDS"/>
</login-module>
</authentication>
</security-domain>
在管理控制台中,我希望用户名密码为纯文本/'*'(如果使用密码). 是否有可能. ??我可以用来做相同的任何其他加密技术吗?
I want the username password to be plain text / '*'(in case of password) in management console. Is it possible. ?? Any other encryption technique that I can use to do the same??
推荐答案
在Jboss EAP 6中,您可以使用SecureIdentityLoginModule添加加密的密码域.例如,您可以在standalone.xml或domain.xml中定义一个安全域:
In Jboss EAP 6 you can use the SecureIdentityLoginModule to add an encrypted password domain. For instance, you can define a security domain in standalone.xml or domain.xml:
<security-domain name="EncryptedPassword">
<authentication>
<login-module code="SecureIdentity" flag="required">
<module-option name="username" value="test"/>
<module-option name="password" value="encrypted_password"/>
</login-module>
</authentication>
</security-domain>
然后,您可以在standalone.xml或domain.xml中使用此userid/pwd组合的特定数据源中添加此安全域:
Then you can add this security domain in your particular data source that uses this userid/pwd combination in standalone.xml or domain.xml:
<datasource ... >
.....
<security>
<security-domain>EncryptedPassword</security-domain>
</security>
</datasource>
要对密码本身进行加密,您可以运行以下命令(请验证特定AS7下载中的picketbox jar和logging jar的版本以相应地替代):
To encrypt the password itself, you can run this command (please verify the versions of picketbox jar and logging jar in your particular AS7 download to substitute accordingly):
java -cp $JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.6.<beta|final>.jar:$JBOSS_HOME/modules/org/jboss/logging/main/jboss-logging-3.1.0.<some_version>.jar:$CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule password
这将返回一个加密的密码,供您在安全域中使用.
This will return an encrypted password back that you can use in your security domain.
您可以在此处
Since open source rocks, you can see how the encoding code works in the source code of SecureIdentityLogin. You will notice in the source code that it uses Blowfish for encryption.
这篇关于jboss EAP 6中的数据源加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
